Content Pack

Published

27 Jan 16:56

Last Push

15 Sep 09:16

Readme from Github

Neo4j Demo Content Pack

A Graylog content pack that demonstrates advanced log management use cases with
Neo4j graph database integration. This content pack works best with the new random message generator found in Graylog 2.0 and newer versions.

A simple example

To test the setup we can start with a simple graph. Graylog
ships with a built-in random log generator that simulates an HTTP server. To
visualize the incoming connections of this fictitious web server we first create
the input:

Only messages coming from this input should be represented in the graph. To
identify each connection we create a relationship between the user_id of a
connection and the HTTP server example.org. To filter the right messages we
create a new stream with the following rules:

Now the Neo4j output can be attached to the stream. The default Cypher query is
already written for this example and can be used as is. Only the URL of the Neo4j
server and the username and password need to be changed to match the local
instance (default user/pass: neo4j/neo4j).

A look at the built-in Neo4j web interface shows the results. A query like
MATCH (n) RETURN n; returns every user_id connected to the test web server.
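
The following sketch is an added example, not code from the content pack or the Neo4j output plugin. It models the simple example offline: the stream filter, a parameterized MERGE statement per message, and the graph that results. The field name source, the stream rules, the User/Host labels, the CONNECTED_TO relationship name and the sample messages are all assumptions made for illustration.

```python
# Added example: models the stream filter and a MERGE-based output offline.
# Field names, labels and the relationship name below are assumptions.

SERVER = "example.org"

# Parameterized Cypher: log field values travel as parameters, never as query text,
# so the content of a log field cannot alter the statement that Neo4j parses.
CYPHER = (
    "MERGE (u:User {user_id: $user_id}) "
    "MERGE (h:Host {name: $host}) "
    "MERGE (u)-[:CONNECTED_TO]->(h)"
)

# Constructed sample messages (not real Graylog output).
SAMPLE_MESSAGES = [
    {"source": "example.org", "user_id": 9001},
    {"source": "example.org", "user_id": 54351},
    {"source": "example.org", "user_id": 9001},    # same user again
    {"source": "other.example", "user_id": 7},     # different source: filtered out
    {"source": "example.org"},                     # no user_id: filtered out
]


def stream_matches(msg):
    """Assumed stream rules: source is the demo server and user_id is present."""
    return msg.get("source") == SERVER and msg.get("user_id") is not None


def to_statement(msg):
    """Return (query, params) for one message, in the shape a Neo4j driver takes."""
    return CYPHER, {"user_id": str(msg["user_id"]), "host": msg["source"]}


def build_graph(messages):
    """Apply MERGE semantics in memory: each node and relationship exists once."""
    nodes, edges = set(), set()
    for msg in filter(stream_matches, messages):
        _, params = to_statement(msg)
        user, host = ("User", params["user_id"]), ("Host", params["host"])
        nodes.update((user, host))
        edges.add((user, "CONNECTED_TO", host))
    return nodes, edges


if __name__ == "__main__":
    nodes, edges = build_graph(SAMPLE_MESSAGES)
    print(len(nodes), "nodes,", len(edges), "relationships")
```

Because MERGE only creates what is missing, the repeated message from the same user adds nothing, which is why MATCH (n) RETURN n; shows one node per user_id rather than one per log line.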

Advanced Demo

You will need to be running Graylog 2.0 or newer to run through the advanced demo.

Make sure you have the Neo4j output plugin installed

Download and install the demo content pack

Configure the Neo4j Host/IP and credentials on the output source

Once you have installed the content pack and updated your Neo4j output
configuration, you should start seeing messages like the following appear in
your Graylog instance:

In Neo4j you should see something like the following:

Now we can use a simpler query in the output plugin, based on dependencies only:

Simple read-only event console within Neo4j

The above console was built using the following Cypher query in Graylog.

Note: The Cypher query below depends on the version of the RandomHTTPMessageGenerator input plugin found in Graylog 2.0 and higher.